Stack Smashing

Recall that stack buffer overflow, otherwise known as "stack smashing," occurs when a program writes beyond the boundary of some buffer (e.g., an array) on the stack, as might happen if you forget to check the length of some input. If the bytes written happen to overwrite a "return address" on the stack, a program might be tricked into executing the wrong function, perhaps one defined among the very bytes written to memory by some adversary.

But defenses exist! Read up on "stack canaries," as via Google, or curl up with such videos as https://www.youtube.com/watch?v=uSC3guWOvpk on YouTube.
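
A model of the check a canary performs, as an added example (not part of the original problem). The struct layout, the constant values and the name simulate_call are assumptions made for illustration, and the overflow is modelled inside a single struct so that the program itself stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of one stack frame; real layouts vary by compiler and ABI. */
struct frame {
    char      buf[16];      /* local buffer, lowest address */
    uintptr_t canary;       /* guard value between buf and the return address */
    uintptr_t return_addr;  /* stands in for the saved return address */
};

#define CANARY_VALUE ((uintptr_t)0x5A17C0DEu) /* constructed; real canaries are random */
#define RETURN_VALUE ((uintptr_t)0x1000u)     /* constructed placeholder */

enum outcome { RETURNED_OK, INPUT_REJECTED, SMASH_DETECTED };

/* Models one call that copies n bytes of 'A' into buf.
   check_length = 1 models a bounds-checked copy, 0 an unchecked one. */
enum outcome simulate_call(size_t n, int check_length, uintptr_t *ret_seen)
{
    struct frame f = { {0}, CANARY_VALUE, RETURN_VALUE };
    char input[sizeof f];

    memset(input, 'A', sizeof input);
    if (n > sizeof f) n = sizeof f;        /* keep the model itself in bounds */
    if (check_length && n > sizeof f.buf) return INPUT_REJECTED;

    /* Unchecked write: bytes past buf spill into canary, then return_addr. */
    memcpy((char *)&f, input, n);
    if (ret_seen) *ret_seen = f.return_addr;

    /* Epilogue: compare the canary before "returning"; real code aborts here. */
    return f.canary == CANARY_VALUE ? RETURNED_OK : SMASH_DETECTED;
}

int main(void)
{
    static const char *names[] = { "returned ok", "input rejected", "smash detected" };
    size_t sizes[] = { 8, 16, 17, sizeof(struct frame) };
    for (size_t i = 0; i < 4; i++) {
        uintptr_t ret = RETURN_VALUE;
        enum outcome o = simulate_call(sizes[i], 0, &ret);
        printf("%2zu bytes: %-14s return_addr=%#lx\n", sizes[i], names[o], (unsigned long)ret);
    }
    return 0;
}
```

Because the canary sits between the buffer and the return address, a contiguous write that reaches the return address has already changed the canary, which is what the epilogue comparison catches.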

Answer the below in smashing.md.

Questions

  1. (2 points.) In your own words, what is a "stack canary" and how does it help protect against stack buffer overflows?

  2. (1 point.) Why is a "stack canary" called a "canary" in the first place?

  3. (2 points.) Implement a (short) C function that’s somehow vulnerable to stack buffer overflow.

Debrief

  1. Which resources, if any, did you find helpful in answering this problem’s questions?

  2. About how long did you spend on this problem’s questions?